// named.conf file for ns-master.fedoraproject.org
// located in /var/named/chroot/etc/named.conf
// By: Elliot Lee <sopwith@redhat.com>
// 2005/12/21 for fedoraproject.org
// Based on the same file for ns-master.gnome.org
// By: Matthew Galgoci <mgalgoci@redhat.com>
// 2003/10/13 for gnome.org
//

// Setup for GeoDNS
include "/var/named/GeoIP.acl";

//include rndckey
include "/etc/rndc.key";

// dns1.j2solutions.net - run by Jesse Keating <jkeating@redhat.com>
acl "slaves" { 209.124.61.35; };
//
acl "everyone-v4" { 0.0.0.0/0;  };
acl "everyone-v6" { ::0/0; };
acl "everyone" { 0.0.0.0/0; ::0/0; };
//
acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; };
//
acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; 10.16.0.0/24; };
acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; };
acl "rh-slaves" { 10.5.30.78; 10.11.5.70; };
acl "rh" { 10.0.0.0/8; };
//
options {
        directory "/";
        auth-nxdomain yes;
        allow-query { everyone; };
        dnssec-enable yes;
        query-source address * port *;
        query-source-v6 address * port *;
        allow-transfer { localhost; slaves; rh-slaves; rh;};
        transfer-source * port 53;
        pid-file "/var/run/named/named.pid";
        statistics-file "/var/log/named.stats";
        provide-ixfr no;

        version "cowbell++";
        listen-on port 53 {
                any;
        };
        listen-on-v6 port 53 {
                any;
        };
        notify yes;
        minimal-responses yes;
        // rate-limit requests
        rate-limit {
                responses-per-second 25;
                window 5;
        };
};
//
logging {
    channel "normal" {
	syslog;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category "default" { "normal"; };
    category "general" { "normal"; };
    category "database" { "null"; };
    category "security" { "normal"; };
    category "config" { "normal"; };
    category "resolver" { "normal"; };
    category "xfer-in" { "normal"; };
    category "xfer-out" { "normal"; };
    category "notify" { "normal"; };
    category "client" { "null"; };
    category "network" { "null"; };
    category "update" { "normal"; };
    category "queries" { "null"; };
    category "dispatch" { "null"; };
    category "dnssec" { "normal"; };
    category "lame-servers" { "null"; };
};
//
// Who can rndc our server (only localhost)...
//
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};

view "QA" {
     match-clients { qanet; };
     allow-recursion { localhost; qanet; rh-slaves; rh; };
     recursion yes;
     // no rate-limit on internal requests
     rate-limit {
          exempt-clients { qanet; };
     };

  # make sure we forward only for redhat.com lookups
     zone "redhat.com" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };


     zone "beaker-project.org" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "88.5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "4.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "186.132.209.in-addr.arpa." {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "qa.fedoraproject.org" {
             type master;
             file "/var/named/master/built/qa.fedoraproject.org";
     };

     zone "rdu2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/rdu2.fedoraproject.org";
     };

     zone "phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/phx2.fedoraproject.org.signed";
     };

     zone "stg.phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/stg.phx2.fedoraproject.org";
     };

     zone "mgmt.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.fedoraproject.org";
     };

     zone "arm.fedoraproject.org" {
             type master;
             file "/var/named/master/built/arm.fedoraproject.org";
     };

     zone "ppc.fedoraproject.org" {
             type master;
             file "/var/named/master/built/ppc.fedoraproject.org";
     };

     zone "s390.fedoraproject.org" {
             type master;
             file "/var/named/master/built/s390.fedoraproject.org";
     };

     zone "78.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/78.5.10.in-addr.arpa";
     };

     zone "79.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/79.5.10.in-addr.arpa";
     };

     zone "124.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/124.5.10.in-addr.arpa";
     };

     zone "125.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/125.5.10.in-addr.arpa";
     };

     zone "126.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/126.5.10.in-addr.arpa";
     };

     zone "127.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/127.5.10.in-addr.arpa";
     };

     zone "128.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/128.5.10.in-addr.arpa";
     };

     zone "129.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/129.5.10.in-addr.arpa";
     };

     zone "130.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/130.5.10.in-addr.arpa";
     };

     zone "131.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/131.5.10.in-addr.arpa";
     };


     zone "fedoraproject.org" {
             type master;
             file "/var/named/master/built/QA/fedoraproject.org.signed";
     };
     zone "cloud.fedoraproject.org" {
             type master;
             file "/var/named/master/built/QA/cloud.fedoraproject.org.signed";
     };
     zone "getfedora.org" {
             type master;
             file "/var/named/master/built/QA/getfedora.org.signed";
     };

     include "/etc/named/zones.conf";
};

view "PHX2" {
     match-clients { phx2net; rh-slaves; 192.168.0.0/16; 172.16.0.0/12; };
     allow-recursion { localhost; phx2net; rh-slaves; rh; };
     recursion yes;
     // no rate-limit on internal requests
     rate-limit {
          exempt-clients { phx2net; };
     };
  # make sure we forward only for redhat.com lookups
     zone "redhat.com" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "access.redhat.com" {
           type forward;
           forward only;
           forwarders { 152.19.134.150; 140.211.169.201; 66.35.62.163; };
     };

     zone "projectatomic.io" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "beaker-project.org" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

  # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
     zone "jboss.org" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "88.5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "4.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "5.10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "10.in-addr.arpa" {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "186.132.209.in-addr.arpa." {
           type forward;
           forward only;
           forwarders { 10.5.26.20; 10.5.26.21; };
     };

     zone "qa.fedoraproject.org" {
             type master;
             file "/var/named/master/built/qa.fedoraproject.org";
     };

     zone "phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/phx2.fedoraproject.org.signed";
     };

     zone "stg.phx2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/stg.phx2.fedoraproject.org";
     };

     zone "mgmt.fedoraproject.org" {
             type master;
             file "/var/named/master/built/mgmt.fedoraproject.org";
     };

     zone "rdu2.fedoraproject.org" {
             type master;
             file "/var/named/master/built/rdu2.fedoraproject.org";
     };

     zone "arm.fedoraproject.org" {
             type master;
             file "/var/named/master/built/arm.fedoraproject.org";
     };

     zone "ppc.fedoraproject.org" {
             type master;
             file "/var/named/master/built/ppc.fedoraproject.org";
     };

     zone "s390.fedoraproject.org" {
             type master;
             file "/var/named/master/built/s390.fedoraproject.org";
     };

     zone "78.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/78.5.10.in-addr.arpa";
     };

     zone "79.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/79.5.10.in-addr.arpa";
     };

     zone "124.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/124.5.10.in-addr.arpa";
     };

     zone "2.31.172.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/2.31.172.in-addr.arpa";
     };

     zone "125.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/125.5.10.in-addr.arpa";
     };

     zone "126.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/126.5.10.in-addr.arpa";
     };

     zone "127.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/127.5.10.in-addr.arpa";
     };

     zone "128.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/128.5.10.in-addr.arpa";
     };

     zone "129.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/129.5.10.in-addr.arpa";
     };

     zone "130.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/130.5.10.in-addr.arpa";
     };

     zone "131.5.10.in-addr.arpa" {
	     type master;
	     file "/var/named/master/built/131.5.10.in-addr.arpa";
     };


     zone "fedoraproject.org" {
             type master;
             file "/var/named/master/built/PHX2/fedoraproject.org.signed";
     };
     zone "cloud.fedoraproject.org" {
             type master;
             file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed";
     };
     zone "getfedora.org" {
             type master;
             file "/var/named/master/built/PHX2/getfedora.org.signed";
     };

     include "/etc/named/zones.conf";
};

// The zones
view "NA" {
        match-clients { US; CA; MX; };
        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/NA/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/NA/getfedora.org.signed";
        };
        include "/etc/named/zones.conf";
};


// This is not "EU" countries, I just wanted a short way to represent Europe.
view "EU" {
        match-clients { AT; BE; BG; CY; CZ; DE; DK; EE; ES; FI; FR; GR; HU; IT; LT; LU; LV; MT; NL; PL; PT; RO; RU; SE; UA; GB; IE; IS; NO; };
        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/EU/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/EU/getfedora.org.signed";
        };
        include "/etc/named/zones.conf";
};


view "DEFAULT" {
        match-clients { any; };
        recursion no;
        zone "fedoraproject.org" {
                type master;
                file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
        };
        zone "cloud.fedoraproject.org" {
                type master;
                file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
        };
        zone "getfedora.org" {
                type master;
                file "/var/named/master/built/DEFAULT/getfedora.org.signed";
        };
        include "/etc/named/zones.conf";
};

// Enabling bind9 statistics on localhost for collectd
statistics-channels {
	inet 127.0.0.1 port 8053;
};
